From: Gleb Smirnoff
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/95559: [RELENG_6] write(2) fails with EPERM on TCP socket under certain situations
Date: Wed, 19 Apr 2006 10:40:20 GMT

The following reply was made to PR kern/95559; it has been noted by GNATS.

From: Gleb Smirnoff
To: Xin LI
Cc: dhartmei@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Date: Wed, 19 Apr 2006 14:38:35 +0400

Hi, Xin!

On Mon, Apr 10, 2006 at 09:49:18AM +0800, Xin LI wrote:
X> >How-To-Repeat:
X>
X> First, one should load the following ruleset onto pf(4)
X>
X> --- pf.conf begins here ---
X> scrub reassemble tcp random-id
X> set skip on lo0
X> --- pf.conf ends here ---
X>
X> Second, run a cvsupd daemon from the host.
X>
X> Third, set up a jail and try to transfer some big data
X> from the host.
X>
X> A ktrace dump is available at:
X> http://www.delphij.net/kdump.txt.bz2
X>
X> Please note that the dump is big (about 7MB).
X>
X> >Fix:
X>
X> By removing either rule from the pf.conf seems to work
X> around the issue. However, we have grep'ed EPERM from netinet
X> and pf code and found that there is not a reasonable reason
X> why write(2) would return EPERM in the code path.

I think this behavior is correct. The traffic from host to jail
is routed through lo0, however within a jail the host's address is
a foreign one, and thus is routed via some interface, not lo0. So
traffic from host to jail runs through lo0 and traffic from jail
to host doesn't.

With the above rules you establish TCP scrubbing in pf, which requires
inspecting and normalizing TCP packets in both directions. However,
you skip pf processing for one direction, and pf sees only half of
the TCP connection, assumes the connection is bogus, and thus denies it.

P.S. Maybe Daniel can comment on this.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
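
Added example, not part of the original message and not code from pf or FreeBSD: a small Python lint that flags the combination discussed in this thread, a `set skip on` interface together with a scrub rule that uses `reassemble tcp`. The function names are hypothetical, the sample ruleset is the one quoted in the PR, and the parser is a simplification that handles comments, line continuations and brace lists but not macros, tables or anchors.

```python
import re

# Ruleset quoted in the PR, embedded as sample input.
SAMPLE_PF_CONF = """\
scrub reassemble tcp random-id
set skip on lo0
"""

def logical_lines(text):
    """Yield pf.conf lines with '#' comments removed and '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: ignores '#' inside quotes
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line = " ".join((buf + line).split())  # normalize whitespace
        buf = ""
        if line:
            yield line

def skipped_interfaces(text):
    """Interfaces named in 'set skip on ...', including '{ a, b }' lists."""
    found = []
    for line in logical_lines(text):
        m = re.match(r"set\s+skip\s+on\s+(.+)$", line)
        if m:
            found += re.findall(r"[^\s{},]+", m.group(1))
    return found

def tcp_reassembly_rules(text):
    """Scrub rules that ask pf to normalize TCP state ('reassemble tcp')."""
    return [l for l in logical_lines(text)
            if re.match(r"scrub\b", l) and re.search(r"\breassemble\s+tcp\b", l)]

def half_visible_risk(text):
    """Pairs (scrub rule, skipped interface): a connection that crosses the
    skipped interface in only one direction is seen by pf only in the other."""
    skipped = skipped_interfaces(text)
    return [(rule, ifname) for rule in tcp_reassembly_rules(text) for ifname in skipped]

if __name__ == "__main__":
    for rule, ifname in half_visible_risk(SAMPLE_PF_CONF):
        print(f"'{rule}' with 'set skip on {ifname}': check for flows that "
              f"use {ifname} in one direction only (e.g. host <-> jail)")
```

A hit is only a prompt to check routing: the combination matters when a connection uses the skipped interface in one direction and another interface in the other, as in the host-to-jail case described above.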